mirrors/sops-nix
mirrors/sops-nix
1
0
Fork 0
mirror of https://github.com/Mic92/sops-nix.git synced 2025-03-06 08:37:21 +00:00
Code Activity
810 commits 17 branches 1 tag 2.1 MiB
Commit graph

64 commits

Author SHA1 Message Date
the-furry-hubofeverything
74f03c1a51 Refuse age keyfile paths that are in the nix store 2024-04-18 08:17:46 +00:00
Joachim Ernst
cc535d07cb
remove all uses of lib.mdDoc (#532) 2024-04-15 11:55:09 +02:00
Jörg Thalheim
fa8035c073 use gnupg binary also now for ssh rsa keys 
With the last sops bump, our gpg keys are no longer detected by sops without it
 2024-03-14 15:47:03 +01:00
Luflosi
7f015eeff1 modules/sops: fix typo 
The assertion below states: "Exactly one of sops.gnupg.home and sops.gnupg.sshKeyPaths must be set".
 2024-03-14 12:52:12 +01:00
Quentin Smith
f6b80ab6cd Address review comments 2024-02-21 07:24:54 +00:00
Quentin Smith
fbec55367f modules/sops/templates: Support custom files as secret templates 
This exposes the `file` option, which can be used with `pkgs.formats` to write additional configuration formats.
 2024-02-21 07:24:54 +00:00
DDoSolitary
f88661c9a9 Revert "don't substitute binaries" 
This reverts commit 7711514b85.

With db82bcafd4, we no longer need to
ensure that the pair list only contains utf-8 text, as long as users
don't reference non-utf-8 data in template content.
Fixes Mic92/sops-nix#439.
 2024-02-20 16:46:05 +00:00
DDoSolitary
f805f3061a template rendering should only read referenced secrets 
Adds an extra check to determine if the placeholder ocurrs in template
content before actually reading the corresponding secret file.
In terms of performance, this adds an extra string search, but removes
possibly unneceassary file reading if the secret is not used in the
template, though both of them should be negligible in most cases.
Fixes Mic92/sops-nix#496.
 2024-02-20 16:46:05 +00:00
Jörg Thalheim
695275c349 make sops-install-secrets work with sysusers 2024-02-12 15:30:32 +01:00
Jörg Thalheim
00071af896 move secrets-fo-users to it's own module 
This preparation to support sysusers.
No behavior change.
 2024-02-08 12:26:52 +00:00
Edward Tjörnhammar
7711514b85 don't substitute binaries 2023-10-14 22:09:48 +00:00
Jörg Thalheim
4d284ca58c nixos: fix typo in assertion message when no key source is configured 2023-09-18 19:13:37 +02:00
Maximilian Bosch
f81e73cf9a
modules/sops: fix description of useTmpfs (#385) 
It's supposed to be mdDoc rather than mkDoc.
 2023-08-15 20:23:48 +01:00
Mic92
339a559402 Add configuration option to use tmpfs in place of ramfs (#355) 
allow use of tmpfs via option configuration

* Tabs vs Spaces

* Update modules/sops/default.nix

* Update modules/sops/default.nix
 2023-08-12 09:45:08 +01:00
zowoq
dca9e50fe3 modules/sops/templates: isCoercibleToString -> isConvertibleWithToString 
834f0d660a
 2023-08-12 09:27:30 +01:00
ajs124
3b26d8f58b literalDocBook -> literalMD 2023-06-20 15:08:13 +02:00
Maximilian Bosch
f10110ddef
modules/sops/templates: declare defaultText for sops.templates.<name>.group 
When using `documentation.nixos.includeAllModules = true;` this fails
for me with

    error: attribute 'users' missing

           at /nix/store/30jax2y4q3d1xyf8ha3cwilw3kdz4pn8-source/modules/sops/templates/default.nix:8:11:

                7|   secretsForUsers = lib.filterAttrs (_: v: v.neededForUsers) cfg.secrets;
                8|   users = config.users.users;
                 |           ^
                9| in {
    (use '--show-trace' to show detailed location information)

Not depending on `config` when building the manual fixes the issue.
 2023-04-25 21:45:42 +02:00
Janne Heß
679ad65214
templates: Add descriptions and use singleLineStr 2023-04-23 12:56:01 +02:00
mlatus
4de4d820ba fix scope in sops.templates; add relevant test 2023-04-18 12:47:12 +08:00
Jörg Thalheim
800f2cd885
Update modules/sops/templates/default.nix 2023-03-21 18:19:08 +00:00
mlatus
d93c3bf08e inline option type and submodule 2023-03-21 21:23:20 +08:00
Ninlives
8c4ecdc301
Apply suggestions from code review 
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
 2023-03-21 21:20:42 +08:00
mlatus
efd85fbf51 code improvement; use more secure flow to create secret file 2023-03-15 13:56:51 +08:00
mlatus
c955d8fe91 typo 2023-03-14 00:09:48 +08:00
mlatus
c4c39450b1 add sops.templates 2023-03-13 23:56:19 +08:00
Janne Heß
acaf36a1bf Implement home-manager support 
Closes #62
Closes #163
 2023-02-02 11:38:03 +01:00
lucasew
eb09a61dc9 format type: add dotenv and ini 
Signed-off-by: lucasew <lucas59356@gmail.com>
 2023-01-17 10:55:52 -03:00
Naïm Camille Favier
de37ae4b4a
module: add defaultText to validationPackage 
Makes flake-info succeed
 2022-07-21 09:04:38 +02:00
dramforever
fc2b603a9b Add validationPackage option for cross-compilation 2022-07-12 09:39:40 +08:00
Jos van Bakel
5ae679b566
Add package option to module 2022-04-23 16:58:11 +02:00
Janne Heß
5e2f743edd
Re-add service restarts 
We also have service reloads now, so add them as well
 2022-03-14 17:30:56 +01:00
Naïm Favier
4e887466a1
Add defaultText to some options to make flake-info succeed 2022-02-26 16:20:19 +01:00
Jörg Thalheim
95b4393147
Revert "allow to disable sops" 
This reverts commit 43f44540b8.

This commit was not intended for master
 2022-02-07 14:34:38 +01:00
Jörg Thalheim
43f44540b8
allow to disable sops 2022-02-07 14:34:18 +01:00
Naïm Favier
d5d9e67dea
Allow paths in sops.environment 
Useful for things like `sops.environment.SOPS_GPG_EXEC = pkgs.writeShellScript ...`
 2022-01-23 13:39:26 +01:00
Jörg Thalheim
ea297c304d module: no conditionals when exposing manifests 2022-01-04 16:32:08 +01:00
Janne Heß
168346e17e
module: Expose manifests 
We are planning to use this in our CI pipeline
 2022-01-04 00:42:40 +01:00
Jörg Thalheim
3ef112ec72 ignore ssh keys deployed with sops 2021-12-29 15:11:48 +01:00
Janne Heß
bac2a891b7
Fix user passwords disappearing 
Also add a test case for this.
Closes #137
 2021-11-13 14:17:51 +01:00
Janne Heß
80eb349cc8
Support arbitrary environment variables 
Should hopefully fix #23
 2021-11-09 23:33:49 +01:00
Janne Heß
af29ac4d84
Prune old secrets generations 
Closes #128
 2021-11-09 23:17:55 +01:00
Janne Heß
bac08f6919
Allow setting user passwords 2021-11-07 13:53:16 +01:00
Janne Heß
9683d128bd
Add support for restarting/reloading units 2021-11-07 12:37:57 +01:00
Jörg Thalheim
e0e57da497 fix documentation and assertions for age.keyFile 2021-09-30 21:10:08 +02:00
Janne Heß
4cebc08062
Fix age key generation and test it 2021-09-30 15:28:39 +02:00
Janne Heß
5db02f2939
Import age keyfile and ssh keys at the same time 2021-09-30 15:07:30 +02:00
Janne Heß
4568162629
Import age ssh keys by default 2021-09-24 12:09:53 +02:00
Janne Heß
44d91e885e
Add review suggestions 2021-09-24 12:09:53 +02:00
Janne Heß
db8fcb50a3
Add support for ssh-generated age keys 2021-09-24 12:09:52 +02:00
Janne Heß
b21c0ce3a8
Group gnupg and age in the module 2021-09-24 12:09:52 +02:00